DerFuz/firewall-rule-center

Firewall Rule Center

This project is a prototype of a REST API backend for documenting simple Layer-3/Layer-4 network firewall rules. It helps administrators keep the desired state of these rules in one place and provides that information as a single source of truth. It was written by Jakob Wölfl as part of his bachelor's thesis.

The project was developed and tested with Python 3.11 and Django 4.2.6.

A corresponding prototype client is available here.

Installing / Getting started

Running it locally (development)

  1. Install required system dependencies (needed to build python-ldap)

     Debian:

         sudo apt install build-essential python3.11-dev libldap2-dev libsasl2-dev slapd ldap-utils tox lcov valgrind

  2. Install Python packages

         pip install -r requirements.txt

  3. Generate the Django SECRET_KEY

         python -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())'

     or use Djecrety to generate the key once.

  4. Adapt the .env file. Replace DJANGO_SECRET_KEY in the environment variables and change other values according to your needs.

  5. Verify that your configured database is online and reachable.

  6. Run the Django migrations and create the default FRC user groups and permissions (permissions are documented here).

         python manage.py migrate
         python manage.py create_frc_groups

  7. Create a Django superuser

         python manage.py createsuperuser

  8. Run the Django development server

         python manage.py runserver

Running it as a container

  1. Generate the Django SECRET_KEY: either you have Django installed in your local Python environment and run step 3 from above, or you use Djecrety to generate the key once.

  2. Adapt the .env file. Replace DJANGO_SECRET_KEY in the environment variables and change other values according to your needs.

  3. Build the container

         docker build -t frc-backend -f Dockerfile.prod .

We also provide a rudimentary docker-compose file for running the "production ready" containers. The nginx configuration used inside the backend-web container is located here; TLS configuration, for example, could be provided there.

Configuration

Name                                     Default    Description
DJANGO_DEBUG                             False      DEBUG
DJANGO_ALLOWED_HOSTS                     localhost  ALLOWED_HOSTS
DJANGO_CORS_ALLOWED_ORIGINS              -          CORS_ALLOWED_ORIGINS
DJANGO_SECRET_KEY                        -          SECRET_KEY
DJANGO_LANGUAGE_CODE                     -          LANGUAGE_CODE
DJANGO_TIME_ZONE                         -          TIME_ZONE
DJANGO_CSRF_TRUSTED_ORIGINS              -          CSRF_TRUSTED_ORIGINS
DJANGO_JWT_ACCESS_TOKEN_LIFETIME_MINS    5          ACCESS_TOKEN_LIFETIME
DJANGO_JWT_REFRESH_TOKEN_LIFETIME_HOURS  24         REFRESH_TOKEN_LIFETIME
DJANGO_AUTH_LDAP_SERVER_URI              -          LDAP_SERVER_URI
DJANGO_LDAP_TLS_REQUIRED                 False      Enable TLS connection to LDAP server
DJANGO_LDAP_CA_FILE_PATH                 -          Path to CA file of the LDAP certificate
DJANGO_AUTH_LDAP_BIND_DN                 -          AUTH_LDAP_BIND_DN
DJANGO_AUTH_LDAP_BIND_PASSWORD           -          AUTH_LDAP_BIND_PASSWORD
DJANGO_LDAP_USER_BASE_DN                 -          Base DN where user accounts reside
DJANGO_LDAP_USER_FILTER                  -          Filter for user accounts
DJANGO_LDAP_GROUP_BASE_DN                -          Base DN where groups reside
DJANGO_LDAP_GROUP_FILTER                 -          Filter for groups
DJANGO_AUTH_LDAP_USER_FLAGS_BY_GROUP     -          AUTH_LDAP_USER_FLAGS_BY_GROUP, given as JSON
DJANGO_LDAP_LOGGING_LEVEL                WARNING    https://django-auth-ldap.readthedocs.io/en/latest/logging.html
DJANGO_DATABASE_URL                      -          https://django-environ.readthedocs.io/en/latest/types.html#environ-env-db-url
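As an added example (not code from the project), a small pre-flight check that reads the variables from the table above out of a .env file and flags settings that weaken a production deployment. The 60-minute access-token threshold and the accepted spellings of a true value are assumptions made for this check, and the sample .env is constructed.

```python
import json

TRUTHY = ("1", "true", "yes", "on")  # assumed spellings of a "true" .env value


def parse_env(text: str) -> dict[str, str]:
    """Parse KEY=VALUE lines of a .env file; blank lines and '#' comments are skipped."""
    env: dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip()
    return env


def check_env(env: dict[str, str]) -> list[str]:
    """Return findings about weak settings; an empty list means nothing was flagged."""
    findings: list[str] = []
    tls_required = env.get("DJANGO_LDAP_TLS_REQUIRED", "False").lower() in TRUTHY
    if env.get("DJANGO_DEBUG", "False").lower() in TRUTHY:
        findings.append("DJANGO_DEBUG is on: error pages expose settings and tracebacks")
    if not env.get("DJANGO_SECRET_KEY"):
        findings.append("DJANGO_SECRET_KEY is empty: nothing signs sessions and tokens")
    if "*" in [h.strip() for h in env.get("DJANGO_ALLOWED_HOSTS", "localhost").split(",")]:
        findings.append("DJANGO_ALLOWED_HOSTS contains '*': Host header validation is disabled")
    if env.get("DJANGO_AUTH_LDAP_SERVER_URI", "").startswith("ldap://") and not tls_required:
        findings.append("LDAP over ldap:// without TLS: the bind password crosses the network in cleartext")
    if tls_required and not env.get("DJANGO_LDAP_CA_FILE_PATH"):
        findings.append("DJANGO_LDAP_TLS_REQUIRED is set but DJANGO_LDAP_CA_FILE_PATH is empty")
    if int(env.get("DJANGO_JWT_ACCESS_TOKEN_LIFETIME_MINS", "5")) > 60:  # 60 min: assumed threshold
        findings.append("access token lifetime exceeds 60 minutes: a leaked token stays valid longer")
    flags = env.get("DJANGO_AUTH_LDAP_USER_FLAGS_BY_GROUP")
    if flags:
        try:
            if not isinstance(json.loads(flags), dict):
                raise ValueError("not a JSON object")
        except ValueError as exc:  # json.JSONDecodeError is a subclass of ValueError
            findings.append(f"DJANGO_AUTH_LDAP_USER_FLAGS_BY_GROUP is not a JSON object: {exc}")
    return findings


# Constructed sample .env (not from the repository) that trips several of the checks.
SAMPLE_ENV = """DJANGO_DEBUG=True
DJANGO_SECRET_KEY=
DJANGO_ALLOWED_HOSTS=localhost,*
DJANGO_AUTH_LDAP_SERVER_URI=ldap://ldap.example.internal
DJANGO_JWT_ACCESS_TOKEN_LIFETIME_MINS=1440
"""
```

Running `check_env(parse_env(SAMPLE_ENV))` yields five findings; the same function returns an empty list for a .env with TLS required, a CA file configured and a non-empty secret key.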

Features

  • The REST API backend provides the following components/functions:
    • Rule
      • Add new Rule
      • View all Rules
      • View specific Rule
      • Update specific Rule
      • Delete specific Rule
      • Import Rules from CSV
    • RuleSetRequest
      • Add new RuleSetRequest
      • View all RuleSetRequests
      • View specific RuleSetRequest
      • Approve/Refuse specific RuleSetRequest
    • Firewall
      • View all Firewalls
    • User
      • View all Users
    • Authentication
      • Token authentication
      • JWT Authentication

For a comprehensive API description, visit the OpenAPI doc here or, while the application is running, /api/schema/, /api/schema/redoc/ or /api/schema/swagger-ui/. (No custom descriptions and examples yet...)

All other functions are currently either not implemented or only available to staff members via the admin panel.

Licensing

This project is licensed under the MIT license. See LICENSE for more information.